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(57) ABSTRACT 

A system and metiiod for use in a communication network 
that communicates with a plurality of digital content servers 
lo provide selected digital data files, including video and 
audio files, for download to a subscriber device. A segmen- 
tation controller is provided for dividing the selected into 
segments. An encryption oontroUer is provided for com- 
pressing and encrypting each of the segments with a selected 
one of a plurality of encryption keys. The segments are then 
transmitted at or above the average bandwidth of the com- 
munication network to a subscriber device. A copy of the 
decryption keys are transmitted to the subscriber device to 
enable playback of the selected file only with a current 
verification of the subscriber device. 
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SYSTEM AND METHOD FOR SECURELY 
DISTRIBUTING DIGITAL CONTENT FOR SHORT 
TERM USE 

CROSS-REFERENCE TO RELATED 
APPLICAnONS 

[0001] The present invention is related to those disclosed 
in the following United States patent applications: 

[0002] 1. Provisional Sen No. t607153;735^filed on 
Sep. 13, 1999, entitled "SYSTEMS FOR CON- 
TROLLING INTERNET BASED DISTRIBUTION 
OF VIDEO AND OTHER DATA AND METHODS 
OF OPERAnNG 'I HESE SYSTEMS"; 

[0003] 2, Ser. No, Qg/5^72G4,-.filed on Apr. 12, 2000, 
entitled "SYSTEMS AND MEIHODS FOR CON- 
TROLLING INTERNET-BASED DISTRIBUTION 
OF VIDEO AND OTHER DATA"; 

[0004] 3«SerSNoW09/621^839jTfiled on Jul. 24, 2000, 
entitled ' "SYSTEM AND METHOD FOR 
EXTENDING RENTAL PERIOD OF DOWN- 
LOADED VIDEO." 

[0005] 4. Ser. No. 09/656,553, filed on Sep. 6, 2000, 
entitled "SET-TOP BOX FOR INTERNET-BASED 
DISTRIBUTION OF VIDEO AND OTHER 
DATA." 

[0006] HuJatjo^eiapp lications-arc: commonty^assi g ped -tO p 
^^gHl^'g pgg' oF-^thc * present- in vention.^lTie ^ disclostires - of^ 
theseTelatedji] atent;a pplicatio n's ar^^^ by> 
referehce;;jnto^the^ 
herein^ 

TECHNICAL FIELD OF THE INVENTION 

[0007] The present invention relates generally to systems 
and methods for securely distributing digital content, includ- 
ing video files, via a public communications network. More 
particularly, the present invention relates to systems and 
methods for delivering digital content while maintaining fuU 
control over the digital content from servers administered by 
the content owners. 

- - - BACKGROUND OF THE INVENTION 

[0008] Every year millions of consumers rent videos from 
video rental stores such as BLOCKBUSTER®. Video stores 
provide videos on video cassette recorder (VCR) tapes and 
on digital versatile disks (DVDs). One of the attractive 
features of renting or buying a video is that it offers a person 
an opportunity to shop for a wide variety of movies, includ- 
ing recent studio releases and older movies that have been 
out of theaters for a long time. The attractive movie box 
covers displayed on shelves in a video store serve to remind 
shoppers of movies they may have missed when the movies 
were still in theaters. The box covers also introduce shoppers 
to movies with which they are unfamiliar. 

[0009] Another attractive feature of renting or buying a 
video is that it provides a person with the convenience of 
watching a particular movie when the person wants to watch 
the movie . Thus, the consumer does not have to wait for the 
movie to be broadcast again in order to view it. Furthermore, 
if a person rents or buys a video, he or she does not have to 
watch commercials and does not have to watch the entire 



movie in one sitting, but may pause the video at his or her 
convenience. The conveniences of buying or renting a video 
are particularly important to a consumer whose infrequent 
television viewing habits do not just justify the cost of 
paying for premium movie channels, such as HBO® or 
SHOWTIME®. 

[0010] Unfortunately there are numerous inconveniences 
associated with buying or renting videos from a video store. 
Every video rental involves the inconvenience of two trips 
to the video store: one trip to rent the video and one trip to 
return the video. If the consumer is not able to return the 
video to the video store by the return deadline, the consumer 
must pay a daily late fee that fi^equently is larger than the 
original daily rental fee. In fact, a significant portion of the 
revenues of many video stores come from late fees. Many 
consumers would prefer not to go out in bad weather to rent 
a video or, more importantly, to return a video. 

[0011] Currently, videos may be downloaded from the 
Internet. Videos, hke any other digital content on the Inter- 
net, are subject to copying by unauthorized parties. Gener- 
ally, the preferred method for securely distributing digital 
content on networks today involves storing the encrypted 
video (digital content) on a server and then "streaming" that 
content to a subscriber device where it is decrypted and 
played back. Streaming means that the encrypted video is 
formed into packets and the packets are sent at high speed 
to a receiving device. There are various problems with this 
approach though. Streaming does not allow the content to be 
stored locally on the subscriber device. Every time the 
content is required (o be played on the subscriber device it 
has to be downloaded from the server. This ties up precious 
network bandwidth and makes multiple use of content, such 
as video rental, almost impossible to achieve because of the 
high bandwidth demands placed on the network. 

[0012] VCRs enable a user to exercise control over the 
video tape. For example, video playback machines allow the 
user to rewind, fast forward, pause, stop and exercise other 
control while playing the video. If the video is a digital file 
stored locally, the user is able to exercise the control, 
available in the VCR, over the digital file. In the streaming 
mode of operation, the subscriber devices have to go back to 
the server to exercise these controls. This causes the server 
to become a severe bottleneck and prevents the solution to 
scale to a very large number of devices. 

[0013] Streaming requires a guaranteed constant band- 
width from the network since there is no local storage of the 
content. If there are temporary network glitches, the user 
may experience jerkiness or lost video frames. Most internet 
protocol (IP) networks (i.e., th Intemet) deployed in the real 
world do not guarantee constant network bandwidth but do 
offer an average bandwidth of a certain size. 

[0014] Because of the problems outlined above, a need 
exists in the art for a method of securely distributing digital 
content for short-term use over IP networks that allows the 
content to be stored locally on the subscriber devices. 

SUMMARY OF THE INVENTION 

[0015] The present invention provides advantageous 
embodiments of an Internet-based video rental, sales, and 
distribution network that allows subscribers lo securely buy, 
rent, or otherwise acquire stored digital content (hereinafter 
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sometimes referred to as video files or audio files), using a 
high-speed conDCction to the Internet. The present invention 
also provides a software controller for handling transactions 
to buy, rem or otherwise acquire the digital content over the 
Internet. However, the present invention is by no means 
limited to a software controller embodiment and it should be 
understood that the controller may be implemented in soft- 
ware, hardware, firmware, or some combination of these 
elements. 

[0016] The purchased, rented, or otherwise acquired video 
and audio file or other data file is downloaded to a subscrib- 
er's video player and is then available for local viewing on 
the subscriber's television or other video display device for 
the duration of the rental period or indefinitely if the video 
content is purchased outright, 

[0017] One advantageous embodiment of the proposed 
exemplary system for transmitting digital content over a 
communication network includes: 1) a memory for storing 
digital content, in the form of video files or audio files; 2) a 
segmentation controller capable of dividing the video and 
audio files into file segments; 3) an encryption controller to 
encrypt each file segment and storing the decryption keys in 
the memory and 4) a transmLssion controller that is capable 
of determining the average bandwidth of the network at the 
time of transmission and passing that information to the 
segmentation controller. 

[0018] According to another embodiment of the present 
invention, the transmission controller is capable of trans- 
mitting the stored decryption keys to the subscriber device 
after receiving a verification of the subscriber device. 

[0019] According to still another embodiment of the 
present invention, the encryption controller is capable of 
compressing each of the segments of the selected file prior 
to encryption. 

[0020] According to yet another embodiment of the 
present invention, the segmentation controller is capable of 
adjusting the size of each of the segments of the selected file. 

[0021] According to a further embodiment of the present 
invention, the segmentation controller may adjust the size of 
each segment according to network bandwidth parameters 
received. from jhe. transmission, controller 

[0022] According to a still further embodiment of the 
present invention, the segmentation controller is capable of 
adjusting the size of each segment according to the average 
bandwidth of the communication network. 

[0023] According to another embodiment of the present 
invention, the decrypting keys will be downloaded to the 
subscriber device upon verification. However, it is not 
necessary to download the decryptioti keys if the selected 
file is rewoimd or restarted within a predetermined time 
period. 

[0024] Before undertaking the DETAILED DESCRIP- 
TION OF THE INVENTION, it may be advantageous to set 
forth definitions of certain words and phrases used through- 
out this patent document; the terms "include" and "com- 
prise" and their derivatives mean inclusion without limita- 
tion; the term "or" is inclusive, meaning and/or; the term 
"associable" and the phrases "associated with" and "asso- 
ciated therewith" and their derivatives thereof may mean to 
include, be included within, interconnect with, contain, be 



contained within, connect to or with, coupled to or with, be 
communicable with, cooperate with, interleave, juxtapose, 
be proximate to, be bound to or with, have, have a property 
of, or the like; and the term "controller" means any device, 
system or part thereof that controls at least one operation. 
Such a device may be implemented in hardware, firmware or 
software, or some combination of at least two of the same. 
It should be noted that the functionahty associated with any 
particular controller may be centralized or distributed, 
whether locally or remotely. In particular, a controller may 
comprise one or more data processors, and asst)ciated input/ 
output devices and memory, that execute one or more 
apphcation programs and/or an operating system program. 
Definitions for certain words and phrases are provided 
throughout this patent document, those of ordinary skiU in 
the art should understand that in many, if not most instances, 
such definitions apply to prior, as well as future uses of such 
defined words and phrases. 

BRIEF DESCRIPTION OF THE DRAWINGS 

[0025] For a more complete understanding of the present 
invention, and the advantages thereof, reference is now 
made to the following descriptions taken in conjunction with 
the accompanying drawings, wherein like numbers desig- 
nate like objects, and in which: 

[0026] FIG. 1 is a block diagram of an exemplary auto- 
mated video distribution system according to one embodi- 
ment of the present invention; 

[0027] FIG. 2 is a more detailed block diagram of selected 
portions of the exemplary automated video distribution 
■ system according to one embodiment of the present inven- 
tion; 

[0028] FIG. 3 is a message flow diagram illustrating an 
exemplary end-to-end video rental or sale transaction 
between an exemplary network video player (NVP), an 
exemplary video Internet service provider (VIS?) network 
and an exemplary video point-of-presence (VPOP) network 
according to one embodiment of the present invention; 

[0029] FIG. 4 is a message flow diagram illustrating an 
exemplary process of viewing a video already rented by the 
subscriber 'according to one'embodiment' of "the~present 
invention; 

[0030] FIG. 5 is a message flow diagram illustrating an 
exemplary process of extending the rental duration for a 
video already downloaded to an exemplary NVP according 
to one embodiment of the present invention; 

[0031] FIG. 6 fllustrates an exemplary header that may be 
attached to video files downloaded to an NVP according to 
one embodiment of the present invention; 

[0032] FIG. 7 illustrates an exemplary header that may be 
attached to video files stored on a VPOP network according 
to one embodiment of the present invention; 

[0033] FIG. 8 illustrates an exemplary header that may be 
attached to records in the VPOP database for each copy of 
a video rented according to one embodiment of the present 
invention; 

[0034] FIG. 9 illustrates an exemplary web page from 
which a subscriber iLsing the exemplary network video 
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player may select a video to rent or to purchase, according 
to one cmbodimerit of the present invention; 

[0035] FIG. 10 illustrates an exemplary web page from 
which a subscriber may learn additional details concerning 
a selected video, according to one embodiment of the 
present invention; 

[0036] FIG. 11 is a more detailed block diagram of 
selected portions of the exemplary network video player 
according to one embodiment of the present invention; 

[0037] FIG. 12 is a flow chart illustrating the operation of 
the exemplary network video player according to one 
embodiment of the present invention; 

[0038] FIG. 13 illustrates in greater detail selected por- 
tions of a VPOP network a N VP that download video, audio 
and other digital data hies in block bursts according to one 
embodiment of the present invention; and 

[0039] FIGS. 14A-14B is a flow chart depicting a method 
for securely distributing digital content over a network 
according to one embodiment of the present invention. 

DETAILED DESCRIPTION OF INVE^^TION 

[0040] FIGS. 1 through 14, discussed below, and the 
various embodiments used to describe the principles of the 
present invention in this patent document are by way of 
illustration only and should not be construed in any way to 
limit the scope of the invention. Those skilled in the art will 
understand that the principles of the present invention may 
be implemented in any suitably arranged data network. 

[0041] FIG. 1 is a block diagram of automated video 
distribution system 100 according to one embodiment of the 
present invention. Automated video distribution system 100 
comprises a group of "M" subscriber sites (typically homes), 
including exemplary subscriber sites 110, 120, and 130, and 
a group of "N" video point-of-presence (VPOP) networks, 
including exemplary VPOP network 150, VPOP network 
160, and VPOP network 170. Automated video distribution 
system 100 also comprises video Internet service provider 
(VISP) network 180. The subscriber sites, VPOP networks, 
and^yiSPnetwork 180 .communicate over common com-, 
munication network 140, which is an Internet protocol (IP) 
based network, such as the Internet or one or more privately 
owned IP-based iiitranets. 

[0042] Exemplary subscriber site 110 comprises television 
set 111 and exemplary network video player (NVP) 112 
according to the principles of the present invention. Simi- 
larly, exemplary subscriber site 120 comprises televLsion set 
121 and exemplary network video player (NVP) 122 and 
exemplary subscriber site 130 comprises television set 131 
and exemplary network video player (NVP) 132. As will be 
described below in greater detail, subscribers use NVP 112, 
NVP 122 and NVP 132 to access VISP network 180 in order 
to rent or purchase videos that are stored on one or more of 
VPOP network 150, VPOP network 160 and VPOP network 
170. One or more of NVP 112, NVP 122 and NVP 132 may 
be implemented as a stand-alone device, such as a set top 
box or a personal computer, attached to a corresponding one 
of television sets 111, 121 and 131. Alternatively, one or 
more of NVP 112, NVP 122 and NVP 132 may be integrated 
into a corresponding one of television sets 111, 121 and 131. 



[0043] Exemplary VPOP network 150 may comprise one 
or more workstations, collectively represented by worksta- 
tion 151, and one or more video access servers, collectively 
represented by VPOP server 152. Similarly, exemplary 
VPOP network 160 may comprise one or more workstations, 
collectively represented by workstation 161, and one or 
more video access servers, collectively represented by video 
access server 162. Finally, exemplary VPOP network 170 
may comprise one or more workstations, collectively rep- 
resented by workstation 171, and one or more video access 
servers, collectively represented by video access server 172. 
As will be explained below in greater detail, each of VPOP 
networks 150, 160 and 170 allows subscribers previously 
authenticated and authorized by VISP network 180 to access 
and download video files. 

[0044] Finally, VISP network 180 comprises one or more 
workstations, collectively represented by workstation 181, 
one or more servers, collectively represented by VISP server 
182, and one or more database storage devices, collectively 
represented by VISP database 183. Among other things, 
VISP server 182 acts as a broker between a subscriber that 
wishes to download a selected video and a VPOP that has the 
selected video file. 

[0045] It should be understood that the above-described 
embodiments of subscriber sites 110, 120, and 130, VPOP 
networks 150, 160, and 170, and VISP network 180 are 
illustrative only and that other architectures may be 
employed that do not depart from the spirit and scope of the 
invention. For example, in some emhtxliments of the present 
invention, one or more of NVP 112, NVP 122 and NVP 132, 
and VPOP networks 150, 160, and 170 may comprise a 
single desktop personal computer (PC) coupled to the Inter- 
net that provides a single subscriber with access to VISP 
network 180, In some embodiments of the present invention, 
one or more of NVP 112, NVP 122 and NVP 132 may be a 
laptop computer that is capable of accessing the Internet 
(i.e., common communication network 140) via a wireless 
modem. Similarly, one or more" of VPOP networks 150, 160, 
and 170 may be connected wirelessly to communication 
network 140, such as by a satellite link. 

[0046] FIG. 2 is a more detailed block diagram of selected 
portions of automated video distribution system lOO accord- 
ing to one embodiment of the present invention. In particu- 
lar, FIG. 2 illustrates selected portions of subscriber site 110, 
VPOP network 150, VISP network 180 and common com- 
munication network 140. Network video player (NVP) 110 
in subscriber site 110 comprises browser software applica- 
tion 210 (hereafter, simply "browser 210"), NVP controller 
212, and NVP storage device 214 (typically a disk drive, 
which stores downloaded videos. VPOP network 150 com- 
prises VPOP web site software application 230 (hereafter, 
simply "VPOP web site 230"), VPOP video acce.ss control- 
ler 232, VPOP accounting controller 234, and VPOP data- 
base 236. Finally, VISP network 180 comprises VISP web 
site software application 220 (hereafter, simply "VISP web 
site 220"), video distribution controller 222, VISP account- 
ing controller 224, and VISP database 183. 

[0047] The term "controller" as used with respect to the 
items in FIG. 2 is broadly defined and may mean any device, 
system or part thereof that controls at least one operation. 
Such a device may be implemented in hardware or software, 
or a combination of hardware and software. Furthermore, 
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the functionality associated with any particular controller 
may be centralized or distributed, whether locally or 
remotely. A controller may comprise one or more data 
processors, and associated input/output devices and 
memory, that execute one or more application programs 
and/or an operating system program. 

[0048] In particular, NVP controller 212 may comprise 
software applications executed by the central processing unit 
(CPU) in NVP 112, which may also execute browser 210. 
Likewise, VPOP video access controller 232 and VPOP 
accounting controller 234 may comprise software applica- 
tions executed by the central processing unit (CPU) in VPOP 
server 152. VPOP server 152 may also execute VPOP web 
site 230. Finally, video distribution controller 222 VISP 
accounting controller 224 may comprise software applica- 
tions executed by the central processing unit (CPU) in VISP 
server 182. VISP server 182 may also execute VISP web site 
220. 

[0049] When the subscriber of subscriber site 110 first 
rents or buys a video file via VISP network 180, NVP 
controller 212, which may work in cooperation wilh browser 
210, gathers initial setup data from the subscriber, such as a 
personal name, credit card number, address information, and 
the like, and transfer this information to VISP accounting 
controller 224. If the subscriber at subscriber site 110 has 
previously used VISP network 180, a user name and pass- 
word prompt may be used to quickly identify the subscriber 
and retrieve previously stored information from VISP data- 
base 183, llius, NVP controller 212 and VISF accounting 
controller 224 may be used to gather details about particular 
subscribers that have previously used VISP network 180 and 
also may be used to gather information from new subscrib- 
ers that are using VISP network 180 for the first time. 

[0050] When a subscriber wishes to buy or rent a video, 
the subscriber browses VISP web site 220, which is capable 
of accessing VPOP web site 230 and other VPOP web sites 
in order to retrieve video files and related ideatificatioo 
information stored on VPOP database 236. Video distribu- 
tion controller 222 guides the subscriber through a sequence 
of web site menus from which the subscriber may select a 
video. Video distribution controller 222 transfers informa- 
-tion-related-to the- selected video -to VPOP video access 
controller 232 that allows the subscriber to subsequently 
communicate with VPOP video access controller 232 in 
order to download the selected video via communication 
network 140. After the subscriber has selected a video to 
download, NVP controller 212 communicates with VPOP 
video access controller 232 to actually download the 
selected video file. Payment for the rented or purchased 
video and related invoicing information is then transferred 
from VISP accounting controller 224 to VPOP accounting 
controller 234. 

[0051] FIG. 3 depicts message flow diagram 300, which 
illustrates an exemplary end-to-end video rental or sale 
transaction between NVP 112, VISP network 180 and VPOP 
network 150 according to one embodiment of the present 
invention. Initially, a subscriber using NVP 112 changes to 
the video services channel on television 111. The process of 
changing to the video services channel initiates an IP con- 
nection between NVP 112 and VISP network 180. At this 
point, VISP web site 220 at VISP network 180 appears on 
the screen of television 111, The subscriber iLses the TV 



remote control, wireless keyboard or a pointing device, such 
as a mouse coupled to NVP 112, to browse WISP web site 
220 to select the video content that he or she prefers to buy, 
rent or otherwise acquire. A variety of selection criteria may 
be used to select the video content. VISP network 180 then 
displays a list of VPOPs, including VPOP network 150, 
offering the video content selected by the subscriber. The 
subscriber then chooses a VPOP from which to buy or rent 
the video content. The VPOP selection criteria may be 
determined by geographical location (quicker downloads), 
cost of the video content, and any other differentiator, 
whether based on technological constraints, economic issue, 
or any other related resource allocation issues, that the 
VPOPs use to attract and retain customers. The subscriber 
also chooses whether the video content is to be rented or 
purchased, and if rented, the duration of the rental (process 
step 305). 

[0052] Once the video content and VPOP selection is 
made, VISP network 180 authenticates the subscriber (pos- 
sibly using subscriber account number, password, and the 
like) and collects payment information (credit card, add to 
cable bill, and the like) (process step 310). VISP network 
180 then asks VPOP network 150 to reserve a copy of the 
video content (I-ock Mdeo Request) requested by the sub- 
scriber by sending VPOP network 150 the subscriber's 
unique NVP ID. The NVP ID is a code embedded in NVP 
112. VISP network 180 also informs VPOP network 150 
whether the video content is to be rented or purchased by the 
subscriber, and if rented, the rental duration (process step 
315). 

[0053] VPOP network 150 responds by reserving a copy 
of the video content rented or purchased by the subscriber 
and sends a positive acknowledgment (Lock Video 
Acknowledgment) to VISP network 180. VISP network 180 
creates a billing record with the subscriber's account infor- 
mation and NVP ID for the video content rented or pur- 
chased (process step 320). VISP network 180 then sends a 
positive acknowledgment to NVP 112 to begin downloading 
the video content from VPOP network 150 (process step 
330). 

[0054] Next, NVP 112 connects to VPOP network 150 and 
provides information (Video URL) identifying the movie to 
be purchased or rented as well as the unique NVP ID of NVP 
112 (process step 335). VPOP network 150 verifies that a 
record exists for the NVP ID and the video content requested 
by NVP 112. VPOP network 150 then downloads a file 
containing the requested video content to NVP 112 (process 
steps 340, 345 and 350). After the download is complete, 
VPOP network 150 informs VISP network 180 that the 
download is complete, providing VISP network 180 with the 
subscriber's NVP ID as well as identifying the video content 
rented or purchased. VISP network 180 then completes and 
closes the billing record created for the subscriber using 
NVP 112 (process step 355). 

[0055] FIG. 4 depicts message flow diagram 400, which 
illustrates an exemplary process of viewing a video already 
rented by the subscriber according to one embodiment of the 
present invention. Initially, the subscriber, using the remote 
control of television 111 or a pointing device coupled to 
NVP 112, selects and plays the rented video. NVP 112 
connects to VPOP network 150 from which the video was 
rented and requests VPOP network 150 to verify that the 
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rental duration for the video is still current. NVP 112 
provides VPOP network 150 the video URL as well as the 
unique NVP ID of NVP 112 (process step 405). VPOP 
network 150 locates the rental record for the NVP ID and 
video URL sent by NVP 112. VPOP network 150 compares 
the time-stamp on the rental record with the current time to 
see if the video is within the rental duration paid for by the 
subscriber. If the video is still within the rental duration paid 
for by the subscriber, VPOP network 150 sends an acknowl- 
edgment to NVP 112 that the video may be viewed by the 
subscriber (process step 410). NVP 112 then plays the video 
on television 111. 

[0056] FIG. 5 depicts message flow diagram 500, which 
illustrates an exemplary process of extending the rental 
duration for a video already downloaded to NVP 112 accord- 
ing to one embodiment of the present invention. Initially, the 
subscriber, using the remote control of television 111 or a 
pointing device coupled to NVP 112, selects and plays the 
rented video. NVP 112 connects to VPOP network 150 from 
which the video was rented and requests VPOP network 150 
to verify that the rental duration for the video is still current. 
NVP 112 provides VPOP network 150 the video URL as 
well as the NVP ID of NVP 112 (process step 505). VPOP 
network 150 locates the rental record for the NVP ID and 
video URL sent by NVP 112. VPOP network 150 compares 
the time-stamp on the rental record with the current time to 
see if the video is within the rental duration paid for by the 
subscriber. VPOP network 150 determines that the rental 
period on the video requested by NVP 112 has expired and 
sends a negative acknowledgment back to NVP 112 (process 
step 510). 

[0057] Next, NVP 112 prompts the subscriber to extend 
the rental duration and the subscriber elects to extend the 
rental duration for the video to be viewed. NVP 112 connects 
to VISP network 180 and sends a rental request providing 
VISP network 180 with the unique NVP ID of NVP 112, the 
video URL and VPOP network 150 information (process 
step 515). VISP network 180 then authenticates the sub- 
scriber and collects payment information (process step 520). 

[0058] Once payment is collected, VISP network 180 
requests VPOP network 150 to reserve a copy of the video 
content requested by the. subscriber-by-sending VPOP net- 
work 150 the unique NVP ID of NVP 112. VISP network 
180 also informs VPOP network 150 of the rental duration 
(process step 525). VPOP network 150 responds by reserv- 
ing a copy of the video content rented by the subscriber and 
sends a positive acknowledgment to VISP network 180. In 
response, VISP network 180 creates a billing record with the 
subscriber's account information and the NVP ID of NVP 
112 for the video content rented (process step 530). 

[0059] VISP network 180 sends a positive acknowledg- 
ment to NVP 112 to begin downloading the video content 
from VPOP network 150 (process step 535). NVP 112 
connects to VPOP network 150 and requests that the rental 
duration for the video be extended, providing VPOP net- 
work 150 with the corresponding video URL and the NVP 
ID of NVP 112 (process step 540). VPOP network 150 
verifies that a record exists for the NVP ID of NVP 112 for 
the video content requested by NVP 112. VPOP network 150 
then downloads a new header to NVP 112 with the rental 
extension information (process step 545). VPOP network 
150 informs VISP network 180 that the download is com- 



plete, providing VISP network 180 with the NVP ID of NVP 
112 as well as the video content rented. VISP network 180 
then completes and closes the billing record for the sub- 
scriber (process step 550). 

[0060] To carry out the exemplary transactions described 
above, each of the network components implementing the 
video network may carry out various processes that are 
described below. 

[0061] FIG. 6 illustrates exemplary header 600, which 
may be attached to video files downloaded to NVP 112 
according to one embodiment of the present invention. 
Exemplary header 600 comprises seven data fields. Field 
605 in header 600 contains the URL of the VPOP network 
(e.g., VPOP network 150) that provides the downloaded 
video file. The VPOP URL in field 605 aUows NVP 112 to 
determine the source of the downloaded video file. The 
VPOP URL may subsequently used to validate whether the 
video is still within the rented duration, as well as to extend 
the rental duration if requested by the subscriber. 

[0062] Field 610 in header 600 contains the URL of the 
selected video. The VIDEO URL allows NVP 112 to 
uniquely identify the video to VPOP network 150 as well as 
VISP network 180 during the rental, purchase, viewing, and 
extension transactions. Field 615 in header 600 contains the 
Compression Type. The Compression Type data tells NVP 
112 what algorithm was used to compress the video content. 
This information is used by NVP 112 to decompress the 
stored video for viewing. 

[0063] Field 620 in header 600 contains a data value 
indicating whether the video was rented or purchased by the 
subscriber. The Owned/Rented data value is used by NVP 
112 to determine if it is necessary to check the rental period 
validity before playmg the video on television 111. Field 625 
in header 600 contains a time stamp of the last time the video 
was played. The Time Last Checked data value is used by 
NVP 112 to determine if it is necessary to check with VPOP 
network 150 for rental period validity before playing the 
video on television 111. 

[0064] Field 630 in header 600 contains a checksum value 
for all of the data in header 600. The Header Checksum 
value is usedMby NVP U2 to_deteiTnine whether the,header. 
downloaded from VPOP network 150 during video rental 
transactions was received without errors. Field 635 in header 
600 contains a checksum value for all of the video file, 
excluding header 600. The Video Checksum value is used by 
NVP 112 to determine whether the video file downloaded 
from VPOP network 150 was received without errors. 

[0065] FIG. 7 illustrates exemplary header 700, which 
may be attached to video files stored on VPOP network 150 
according to one embodiment of the present invention. 
Exemplary header 700 comprises five data fields. Field 705 
in header 700 contains the compression type. The Compres- 
sion Type data identifies the algorithm used to compress the 
video content. This information is used to decode the video 
for viewing on NVP 112. Field 710 in header 700 contains 
the number of copies of the video owned by VPOP network 
150. 'Ilie Number of Copies Owned value determines how 
many copies of the video may be rented or sold by VPOP 
network 150. 

[0066] Field 715 in header 700 contains the number of 
copies of the video currently rented from VPOP network 
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150, The Number of Copies Rented value keeps a real-time 
record of the number of each video file that have been rented 
to subscribers. Field 720 in header 700 contains a checksum 
of the actual video content. The Video Checksum value is 
used during the video download process to ensure that all of 
the video content is correctly downloaded from VPOP 
network 150 to NVP 112. Field 725 in header 700 contains 
a pointer to an array of records, one for each copy of the 
video rented from VPOP network 150. The records array 
keeps track of which NVP rented each video and when the 
video was rented. 

[0067] FIG. 8 illustrates exemplary header 800, which 
may be attached to records in VPOP database 236 for each 
copy of a video rented according to one embodiment of the 
present invention. Field 805 in header 800 contains the NVP 
ID of NVP 112, which belongs to the subscriber that rented 
the video. Field 810 in header 800 contains the time at which 
the video was rented by NVP 112. Field 815 in header 800 
contains a status value indicating whether or not the video 
has been downloaded by NVP 112 or if a download is still 
pending. 

[0068] VPOP network 150 can receive inputs from NVP 
112, VISP network 180 or database updates from the local 
system administrator. Database updates to VPOP network 
150 happen when new videos are added to or deleted from 
VPOP network 150 or if additional copies of an existing 
video are purchased. The addition of new videos requires 
VPOP network 150 to send the database updates to VISP 
network 180 to ensure that VISP network 180 has current 
information on all VPOPs carrying the newly added video. 
The database updates for adding more copies of an existing 
video are local changes and do not have to be sent to VISP 
network 180. 

[0069] When VPOP network 150 receives a lock video 
request from VISP network 180, it checks the Number of 
Copies Rented field in the video's header. If the Number of 
Copies Rented is equal to the Number of Copies Owned 
field, then VPOP network 150 sends a Lock Video Request 
deny message back to VISP network 180, Otherwise, VPOP 
network 150 checks whether the Lock Video Request is a 
rental or purchase transaction. If it is a purchase transaction, 
VPOP. network .150, decrements-the-.Number-of Copies 
Owned field, sets the Download Status field in that copy's 
header to "Purchase Download Pending" and sends a Lock 
Video Acknowledge message to VISP network 180. If the 
Lock Video Request from VISP network 180 is a rental 
transaction, VPOP network 150 increments the Number of 
Copies Rented field in the video's header, sets the Download 
Status field in that copy's header to "Rental Download 
Pending" and sends a Lock Acknowledge message to VISP 
network 180. In both rental and purchase transactions, 
VPOP network 150 updates the NVP ID field in that video 
copy's header with the NVP ID of NVP 112 requesting the 
transaction. 

[0070] When VPOP network 150 receives a download or 
extension request from NVP 112, VPOP network 150 looks 
through the array of headers for the video requested to see 
if the NVP ID exists. If the NVP ID does not exist, VPOP 
network 150 sends an error message back to NVP 112, If the 
NVP ID exists and it is an extension request, VPOP network 
150 sends a Download Complete message to VISP network 
180 (along with NVP ID and VIDEO URL information) and 



sends a duration extended message to NVP 112. If the NVP 
ID exists and it is a download request, VPOP network 150 
creates a new header for the video to be downloaded to NVP 
112, VPOP network 150 fills in the VPOP URL, the VIDEO 
URL, the Compression Type value, the Owned/Rented value 
(based on whether the Download Status indicates purchase 
or rental pending), the Header Checksum value, and the 
Video Checksum value. The header is downloaded to NVP 
112 first, followed by the actual video file. 

[0071] If the download is successful, VPOP network 150 
sends a Download Complete message to VISP network 180, 
providing the NVP ID, the VPOP URL, and the VIDEO 
URL, If the download is unsuccessful, VPOP network 150 
checks the Download Status field in that video copy's header 
to see if the video was a rental or a purchase. If the video was 
a rental, VPOP network 150 decrements the Number of 
Copies Rented field in the video header. If it was a purchase 
transaction, VPOP network 150 increments the Number of 
Copies Owned field in the video header (the above two steps 
restore the original number of copies owned or rented and 
cancel out the pending transaction). VPOP network 150 also 
clears the NVP ID and Download Status fields from that 
video copy's header. Finally, VPOP network 150 sends a 
Download Failed message to VISP network 180 and pro- 
vides the NVP ID and the VIDEO URL. 

[0072] As introduced herein above, those skilled in the art 
will readily see that the video or other data content may 
suitably be downloaded in a variety of ways. According to 
one advantageous embodiment, for the purposes of down- 
loading, the video file may be divided into a plurality of 
associated data segments. Each data segment is self con- 
tained and may be downloaded independently of the others 
and then used to reconstruct the video content at subscriber 
site 110. Advantageotisly, the data segments are sequenced 
numerically using file name extensions. Segmenting or 
otherwise breaking up the video files allows NVP 112 to 
start playing the movie after the first segment is downloaded. 
The other data segments continue to download while the first 
segment (and subsequent segments thereafter) continue to 
play. According to a related advantageous embodiment, 
individual segment size may be determined based on the 
slowest download speed to ensure that the next segment will 
be downloaded before the previous segnient firSisHesplaying 
on NVP 112. 

[0073] According to yet another related embodiment, the 
download process may be interrupted because of a failure of 
VPOP network 150, thereby enabling NVP 112 to choose to 
continue downloading the segment content from another 
VPOP network 150 starting from the segment that was 
interrupted rather than starting the entire download process 
over again. This enables the subscriber to recover from 
errors without incurring the prolonged delay that would 
occur if the video file download were restarted from the 
beginning. 

[0074] Besides browsing VISP network 180 web site and 
requesting video content to be rented or purchased, the 
subscriber can also select and view videos already down- 
loaded to NVP 112. To select a locally stored video, the 
subscriber chooses the select option on the remote control or 
wireless keyboard. At this point, a list of all locally stored 
videos is displayed on the subscriber's television screen, llie 
subscriber navigates through the list of videos and chooses 
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a video to be viewed. Once a video is selected, the subscriber 
can apply typical VCR commands like play, fast forward, 
rewind, pause and stop. The rewind, fast forward, pause and 
stop commands are completely local (do not require any 
transactions with VPOP network 150 or VISP network 180). 
When one of these commands is chosen, NVP 112 performs 
the appropriate action on the locally stored video. 

[0075] When the subscriber elects to play locally stored 
video that the subscriber has selected, NVP 112 checks the 
Owned/Rented field in the video's header to determine if the 
video is owned by the subscriber or rented. If the video is 
owned, then it is played on the subscriber's TV screen. If the 
video is rented, NVP 112 checks the Time Last Checked 
value in the video's header to determine the last time the 
video was played. If the Time Last Checked is within two 
hours of the current NVP time, then the video is immediately 
played on the subscriber's TV screen. If the time elapsed 
since the Time Last Checked value is greater than two hours, 
then NVP 112 uses the VPOP URL value in the video header 
to connect to VPOP network 150 from which the video is 
rented. NVP 112 also provides VPOP network 150 with the 
NVP ID of NVP 112, as well as the VIDEO URL value 
stored in the video's header. 

[0076] NVP 112 waits for VPOP network 150 to determine 
whether the video is within the video rental duration. ilfilE? 
va^deo:iystiU}wigiin;t^^^^ 
Time^Last- Checked j^lii^^^ 

yideo- on, the. subscriber's -TV- screen.-If-^ttie-video's- rental 
duration-has^cxpired^" NVP^112; pr6iSpts^i;^theJsuB^ 
extenU rthe.vidco^sjental dw 

eject -to; extend rihe - rental- duration" NW,^U2 rdel?5T-thV 
vi3eo;^ra^ Ipcall^g^ subscriber elects to exterid 

ttiTrelUai duration, NVP 112 connects to VISP network 180 
and provides it with the VPOP URL for VPOP network 150, 
the VIDEO URL, and the NVP ID information. VISP 
network 180 then displays the user authentication screen on 
the subscriber's TV screen. The subscriber follows the 
authentication and payment processes described previously. 
When authentication is done, NVP 112 connects to VPOP 
network 150 and provides it with the VIDEO URL and NVP 
ID and requests to extend the video rental. After extension 
confirmation is received from VPOP network 150, NVP 112 
updates the Time Last Checked value to the current time and 
plays the video on television 111. 

[0077] FIG. 9 illustrates exemplary web page 900 from 
which a subscriber using NVP 112 may select a video to rent 
or to purchase, according to one embodiment of the present 
invention. Web page 900 contains listings for three videos, 
"Rocky .""First Blood," and "Titanic," which the subscriber 
may rent using NVP 112. Four selectable icons are associ- 
ated with the "Rocky" video, including review icon 901, 
download icon 902, trailer icon 903, and video cover icon 
904. Similarly, four selectable icons are associated with the 
"First Blood" video, including review icon 911, download 
icon 912, trailer icon 913, and video cover icon 914. Finally, 
four selectable icons are associated with the "Titanic" video, 
including review icon 921, download icon 922, trailer icon 
923, and video cover icon 924. Selecting any one of the 
review icons transfers the subscriber to web page 1000, 
explained below in FIG. 10, from which the subscriber may 
read a review of the corresponding movie. By selecting any 
one of the download icons, the subscriber may begin the 
process of downloading the selected video to NVP 112. By 



selecting any one of the trailer icons, the subscriber may 
view a brief video clip from the corresponding video file. 
Selecting any one of the video cover icons transfers the 
subscriber to web page 1000. In an advantageous embodi- 
ment of the present invention, video cover icons 904, 914, 
and 924 are smaller sized graphic images (typically in JPEG 
or GIF format) of the box cover of the corresponding video. 

[0078] FIG. 10 illustrates exemplary web page 1000 from 
which a subscriber using NVP 112 may learn additional 
details concerning a selected video, according to one 
embodiment of the present invention. The subscriber using 
NVP 112 enters web page 1000 by selecting, for example, 
one of video cover buttons 904, 914, or 924 in web page 900, 
Web page 1000 comprises video cover icon 1001, movie 
review text 1002, selectable rent/buy icon 1003, and select- 
able trailer icon 1004. 

[0079] Movie review text 1002 comprises a scrollable 
window containing text reviews and/or a synopsis of the 
corresponding video. Selecting trailer icon 1004 allows a 
subscriber to view a brief video clip from the corresponding 
video file. Selecting rent/buy icon 1003 leads to subsequent 
web pages that begin the process of downloading the 
selected video to NVP 112. In an advantageous embodiment 
of the present invention, video cover icon 1001 is a larger 
sized ^aphic image (typically in JPEG or GIF format) of the 
box cover of the corresponding video. 

[0080] FIG. 11 is a more detailed block diagram of 
selected portions of exemplary network video player 112 
according to one embodiment of the present invention. 
Network video player (NVP) 112 comprises IR sensor 1105, 
NVP controller 212, browser 210, NVP storage device 214, 
MPEG2 dccoder/NTSC encoder 1110, and video processor 
1120. In the embodiment shown, NVP 112 is implemented 
as a set -top box that receives television signals from a cable 
service provider for display of television set 111, However, 
unlike a conventional cable box, NVP 112 is also capable of 
browsing the Internet and downloading and renting a video 
file or other data file. Advantageously, NVP 112 may access 
the Internet via the cable connection, such as by using a 
high-speed cable modem service. Alternatively, NVP 112 
may use a separate connection, such as a digital subscriber 
■line (DSL),- to access the lnternet.-In other embodiments of 
the present invention, NVP 112 may receive external tele- 
vision signals from an antenna, rather than from a cable 
service provider. 

[0081] FIG. 12 depicts flow chart 1200, which illustrates 
the operation of the exemplary network video player 112 
according to one embodiment of the present invention. NVP 
controller 212 directs the overall operation of network video 
player 112, including View mode. Play mode and Browse 
mode. In View mode, NVP controller 212 causes the incom- 
ing television signal from the cable service provider to be 
demodulated and processed by video processor 1120 and 
transmitted to television set 111, without storing or retriev- 
ing from NVP storage device 214 (process step 1205). Video 
processor 1120, which may be, for example, a TriMedia 
(TM) 1100 media processor, contains radio frequency (RF) 
front-end circuitry for receiving incoming television signals 
from the cable service provider, tuning to a user-selected 
channel, and converting the selected RF signal to a baseband 
television signal (e.g., super video signal) suitable for dis- 
play on televLsion set 111. Video processor 1120 also is 
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capable of receiving a conventional NTSC signal from 
MPEG2 dccoder/NTTSC encoder 1110 during Play mode and 
transmitting baseband television signal (e.g., super video 
signal) to television set 111, 

[0082] In Browse mode, NVP controller 212 launches 
browser 210 and directs video processor 1120 to receive its 
input video signal from browser 210. Once launched, 
browser 210 receives user commands from, for example, a 
remote control or an infrared-capable wireless keyboard or 
mouse. Browser 210 accesses web pages from VISP net- 
work 180 and VPOP networks 150, 160, and 170, as 
explained above, and causes video processor 1120 to display 
the web pages on television set 111. Video previews, such as 
MPEG2 video files, received by browser 210 may be trans- 
ferred to MPEG2 decoder/NTSC encoder 1110 for display in 
a window on television set 111. Eventually, the user may rent 
and download a video or other data file. The downloaded 
video file is stored in NVP storage device 214 for stibsequent 
playback on television set 111 (process step 1210). In Play 
mode, NVP controller 212 directs NVP storage device 214 
to stream a downloaded, rented video file to MPEG2 
decoder/NTSC encoder 1110, which converts the MPEG2 
data from NVP storage device 214 to, for example, a super 
video (S-'Wdeo) signal that video processor 1120 transmits 
to television set 111 (process step 1215). 

[0083] The MPEG2 standard was chosen for MPEG2 
encoder 220 and MPEG2 decoder/NTSC encoder 1110 only 
for the purposes of explaining the invention. In alternate 
embodimenLs of the present invention, the MPEG encoder 
and decoder may comply with the MPEG-1, MPEG-2, 
MPEG-4 or MPEG-7 standards. 

[0084] For the purposes of this application and the claims 
that foUow, NVP storage device 214 is defined to include 
any mass storage device that is both readable and writable, 
including conventional magnetic disk drives, magnetic tapes 
for a video cassette recorder (VCR) or video tape recorder 
(VTR), and optical disk drives for read/write digital versatile 
disks (DVD-RW), rewritable CD-ROMs, and the like. In 
fact, NVP storage device 214 need not be "fixed" in the 
conventional sense that it is permanently embedded in 
network video player 112. Rather, NVP storage device 214 
includes' any mass storage device" that is dedicated to net-* 
work video player 112 for the purpose of storing recorded 
video programs. Thus, NVP storage device 214 may include 
an attached peripheral drive or removable disk drives 
(whether embedded or attached), such as a juke box device 
that holds read/write DVDs or re-writable CD-ROMs. Fur- 
thermore, in an advantageous embodiment of the present 
invention, NVP storage device 214 may include external 
mass storage devices that network video player 112 may 
access and control via a network connection (e.g., Internet 
protocol (IP) connection), including, for example, a disk 
drive in the user's home personal computer (PC) or a disk 
drive on a server at the user's Internet service provider (ISP). 

[0085] FIG. 13 illustrates in greater detail selected por- 
tions of VPOP network 150 and NVP 112 that download 
video, audio and other digital data files in block bursts 
according to one embodiment of the present invention. 
VPOP network 150 comprises VPOP database 236, segmen- 
tation controller 1330, encTyption controller 1340, and trans- 
mission controller 1350. VPOP database 236 stores exem- 
plary video files 1301-1303, exemplary audio files 1311 and 



1312, and decryption keys 1320. In the illustrated embodi- 
ment, video files 1301-1303 arc arbitrarily labeled VIDEO 

1, VIDEO 2, and VIDEO 3, respectively, and audio files 
1311 and 1312 are arbitrarily labeled AUDIO 1 and AUDIO 

2, respectively. 

[0086] NVP 112 comprises NVP storage device 214, 
decryption controller 1355, and video-audio processor 1360. 
NVP storage device 214 stores segments 1315-1317, which 
are arbitrarily labeled SEGMENT 1, SEGMENT 2, and 
SEGMENT 3, respectively. Video-audio processor 1360 is 
coupled to television set 111. If NVP 112 is downloading 
video files from VPOP network 150, video-audio processor 
1360 plays the video track on the screen of television set 111 
and plays the accompanying audio track on the speakers of 
television set 111. If NVP 112 is downloading audio files 
from VPOP network 150, video-audio processor 1360 may 
play the audio file on the speakers of television set 111. In 
alternate embodiments, video-audio processor 1360 may 
play an audio file directly on stand-alone speakers not 
connected to a television or other device. 

[0087] VPOP network 150 may receive a request from 
NVP 112 for a specific digital data file. In this illustration, 
VPOP network 150 receives a request from NVP 112 for a 
specific file, video file 1301. Video file 1301 is a complete 
video movie and is digitized at VPOP network 150 using 
standard commercially available digitizing schemes. Prior to 
transmitting video file 1301 to NVP 112, VPOP segmenta- 
tion controller 1330 divides digitized video file 1301 into 
segments prior to downloading. Each of the segments rep- 
resents a viewing interval (e.g., each file comprises a pre- 
determined portion of the video) and all of the files together 
are a complete video. 

[0088] The length of the viewing interval depends on the 
size of a segment. The viewing interval can be adjusted to 
the network (here, the Internet) over which segments 1315- 
1317 are intended to be distributed. Adjusting the length of 
the viewing interval comprises adjusting the size of the 
segments into which video file 1301 is divided. The average 
available bandwidth on network 140 determines the size of 
the segments (i.e., more average available bandwidth allows 
smaller segments). 

[0089] "The size of each of segments l315-1317-can be' 
adjusted by segmentation controller 1330 to provide longer 
or shorter viewing intervals. A longer viewing interval 
compensates for network problems by providing a longer 
time window within which a subsequent segment may be 
dovraloaded before the viewer finishes viewing the current 
segment. At the same time, if the first segment downloaded 
to NVP 112 is relatively large, the viewer must wait a longer 
period before viewing the first video segment than with for 
a relatively small segment. 

[0090] After video file 1301 is divided into segments by 
segmentation controller 1330, each segment is then indi- 
vidually compressed by segmentation controller 1330 using 
standard video and audio compression codecs or other data 
reduction techniques for non-video or audio data. After the 
compression process is complete, each compressed video 
segment is passed to encryption controller 1340 and indi- 
vidually encrypted using a different encryption and decryp- 
tion key pair for each segment, llie use of separate encryp- 
tion and decryption key pairs for each video file provides 
much greater protection of the distributed content. If one 
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encryption and decryption key pair is compromised or if 
someone is able to break the encryption of one video 
segment, then only one segment is compromised. 

[0091] Segments 1315-1317 are transmitted to NVP 112 
and stored in NVP storage device 214. If NVP has been 
verified as authorized to receive and play video file 1301, 
decryption keys are sent to NVP 112 and are used by 
decryption controller 1355 to decrypt segments 1315-1317. 
As segments 1315-1317 are being loaded into memory, the 
first segmeni (i.e., segment 1315) is retrieved by video-audio 
controller 1360 from NVP storage device 214. After verifi- 
cation of NVP 112, the first decryption key (not shown) is 
used to decrypt segment 1315 and decrypted segment 1315 
is played by video-audio controller on television set 111. 
Succeeding segments 1316-1317 are played on TV 111 after 
decryption controller 1355 applies a decryption key corre- 
sponding to each segment, respectively. Video file 1301 is 
viewed by a subscriber on TV 111 as NVP 112 plays each 
segment, in order, and stores segments 1315-1317 in 
memory for later replay. Further, during the rental period, 
segments 1315-1317 that are stored in NVP storage device 
214 are a complete video and may be viewed as any other 
video during the rental period. 

[0092] FIGS. 14A and 14B are a flow chart depicting 
method 1400 for securely distributing digital data files over 
a network, according to one embodiment of the present 
invention. The rental process for renting digital data files in 
the form of video files, audio files and other data files has 
been described earlier in FIG. 3. 'Ilie method for distributing 
a digital data file over a network, in this illustration a video 
file, begins with a selection of a video file stored in VPOP 
database 236 on VPOP network 150. After a video file is 
selected by a subscriber, VISP network 180 checks the status 
of the subscriber and collects payment information (process 
step 1405). VISP network 180 then prompts VPOP network 
150 to begin the download process of the selected video. 
Segmentation controller 232 divides the entire video into 
individual video segments 1315-1317 whose size depends 
on the determination by transmission controller 1350 of the 
available bandwidth of the network (process step 1410). 
Hach video segment is then compressed (process step 1415) 
and each video segment is encrypted using encryption and 
-decryption key pairsr The -decryption keys' for each "video' 
segment are .stored in VPOP database 236 on VPOP network 
150 (process step 1420). VPOP transmission controller 232 
then begins to download the video segments to the request- 
ing subscriber device (process step 1425). 

[0093] After the first video segment is received by the 
requesting subscriber device (NVP 112), the subscriber is 
prompted by NVP 112 on TV 111 display screen with a 
statement such as, "The video is ready for viewing. Do you 
want to play it?", or the like (decision step 1430). [f the 
subscriber declines to play the video, the process returns to 
decision step 1430 and repeats the statement until the 
subscriber answers "yes" (process step 1440). 

[0094] Referring now to FIG. 14B, after receiving a 
positive response, NVP 112 then makes a secure connection 
to VPOP network 150 and sends a request to VPOP network 
150 to verify that the video segments that are being received 
into local storage at NVP 112 have been legitimately rented 
by NVP 112 and that the rental period has not expired 
(deci.sion step 1445). The subscriber may view a previously 



downloaded video file that is stored in its entirety in NVP 
storage device 214 if the rental period has not yet expired or 
will not expire during the requested rental period. If the 
rental period has expired or will expire during the new 
viewing period, depending on VISP network 180 operator 
and the agreement with VPOP network 150, VISP network 
180 prompts the subscriber to approve charges to the sub- 
scriber's account or credit card, or cancels the procedure 
(process step 1455). 

[0095] VPOP network 150 then determines whether the 
rental period has been verified (decision step 1460). If the 
rental period has expired, the subscriber is prompted to rent 
another video (process step 1465). If a successful verifica- 
tion is signaled (rental period has not expired), VPOP 
network 150 sends the appropriate decryption keys to NVP 
112 for all the video segments of the video file that was 
rented (process step 1470). NVP 112 then uses the first 
decryption key for the first video segment and begins to play 
the video by beginning playback of the first video segment. 
The remaining decryption keys are applied to each respec- 
tive video file just prior to playback (process step 1475). 

[0096] During the initial download of video file 1301, as 
the first video file and successive files are being played, the 
remaining video files are being downloaded in the back- 
ground. As long as the download of each subsequent video 
file is faster than the viewing time of an immediately prior 
video, the user does not perceive any video degradation. The 
transmission controller determines the average bandwidth of 
the communications network and transfers the segments at 
least as fast as the available bandwidth allows. Since the 
length of each video file can be optimized for the current 
conditions of the communication network, a subsequent 
video segment should arrive prior to the completion of the 
currently playing segment. Only an average bandwidth 
requirement is placed on the network and not a constant 
bandwidth requirement as that required in the data streaming 
mode. Downstream bandwidth may vary (be faster or 
slower) at any instant in time as long as the variance falls 
within each video segment viewing period (which could be 
several minutes). Therefore, an average bandwidth, slightly 
larger than that at which the video segment is encoded, is 
achieved. 

[0097] Once all video segments of the video file are 
downloaded, the video file is fully available from NVP 
storage device 214. All video control functions including 
rewind, forward, pause, stop, etc. can then be performed 
locally on the video file. Every time the Play button is 
pressed NVP 112 determines the last time that NVP 112 
checked with VPOP network 150 for verification. If that 
period is greater than a predetermined time (i.e., two hours) 
NVP 112 re-checks with VPOP network 150 for rental 
period verification to make sure that the video can be played 
by NVP 112. 

[0098] The decryption keys arc not stored in local storage 
of NVP 112. Whenever a stored video is to be played NVP 
112 validates the rental period of the video with VPOP 
network 150 and then obtains a copy of the decryption keys 
from VPOP database for the digital content (video segments) 
from VPOP network 150. VPOP network 150 maintains full 
control of the video file, through the decryption keys, even 
though the video may be distributed to many client devices 
(NVPs) and stored in the local storage of these devices. The 
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fact that the video does not have to be downloaded on every 
rewind operation saves shared network bandwidth for use by 
other devices on the network providing a much more scal- 
able solution. Only the decryption keys are downloaded 
each time the video is played (and only if it is a new play 
operation as opposed to a rewind and replay). For rewind 
and then play the VPOP network 150 is not checked unless 
the last time NVP 112 checked with VPOP network 150 
exceeds a certain, predetermined period of time. 

[0099] Although the present invention has been described 
in detail, those skilled in the art should understand that they 
can make various changes, substitutions and alterations 
herein without departing from the spirit and scope of the 
invention in its broadest form. 

What is claimed is: 

1. A digital content server capable of transmitting a 
selected digital data file comprising at least one of a video 
file and an audio file to a subscriber device via a commu- 
nication network, said digital content server comprising: 

a memory for storing said selected digital data file and a 
plurahty of encryption keys and a plurality of corre- 
sponding decryption keys; 

a segmentation controller capable of dividing said 
selected digital data file into a pluraUty of segments; 

an encryption controller capable of encrypting each of 
said pluraUty of segments with a selected one of said 
plurality of encryption keys; and 

a transmission controller capable of determining an aver- 
age bandwidth of said communication network over an 
N second period and transmitting said plurahty of 
encrypted segments to said subscriber device in an N 
second period at an average data rate at least equal to 
said average bandwidth of said communication net- 
work and wherein said transmission controller is 
capable of transmitting said decryption keys to said 
subscriber device. 

2. The digital content server as set forth in claim 1 
wherein said transmission controller is capable of transmit- 
ting said stored decryption keys to said subscriber device 
upon receipt of -a verification signal- 

3. The digital content server as set forth in claim 2 
wherein said transmission controller receives verification 
from said subscriber device. 

4. The digital content server as set forth in claim 1 
wherein said segmentatioo controller is capable of adjusting 
the size of each one of said plurality of segments. 

5. The digital content server as set forth in claim 4 
wherein said segmentatioo controller is capable of adjusting 
the size of each one of said plurality of segments according 
to parameters set by said transmission controller. 

6. The digital content server as set forth in claim 5 
wherein the parameters set by said transmission controller 
are one of equal to the average bandwidth and exceed the 
average bandwidth of said communications network. 

7. The digital content server as set forth in claim 1, 
wherein said decryption keys are sent to the subscriber 
device each time the selected file is played and said decryp- 
tion keys are required only when a predetermined fime 
period elapses between verification checks by said sub- 
scriber device. 



8. The digital content server as set forth in claim 1 
wherein said encryption coDtrollcr is capable of compressing 
each segment prior to encryption. 

9. A communication network comprising: 

a plurality of subscriber video players capable of receiv- 
ing digital content files; and 

a digital content server capable of transmitting a selected 
digital data file comprising at least one of a video file 
and an audio file to a subscriber device via a commu- 
nication network, said digital content server compris- 
ing: 

a memory for storing said selected digital data file and 
a plurality of encryption keys and a plurality of 
corresponding decryption keys; 

a segmentation controller capable of dividing said 
selected digital data file into a plurality of segments; 

an encryption controller capable of encrypting each of 
said plurality of segments with a selected one of said 
plurality of encryption keys; and 

a transmission controller capable of determining an 
average bandwidth of said communication network 
over an N second period and traasmitting said plu- 
rality of encrypted segments to said subscriber 
device in an N second period at an average data rate 
at least equal to said average bandwidth of said 
communication network and wherein said transmis- 
sion controller is capable of transmitting said decryp- 
tion keys to said subscriber device. 

10. The communication network as set forth in claim 9 
wherein said transmission controller is capable of transmit- 
ting said stored decryption keys to said subscriber device 
upon receipt of a verification signal. 

U. The communication network as set forth in claim 9 
wherein said transmission controller receives verification 
from said subscriber device. 

12. The communication network as set forth in claim 9 
wherein said segmentation controller is capable of adjusting 
the size of each one of said plurahty of segments. 

13. The communication network as set forth in claim 12 
wherein said segmentation controller is capable of adjusting 
the size of each one of said plurality of segments according- 
to parameters set by said transmission controller. 

14. The communication network as set forth in claim 13 
wherein the parameters set by said transmission controller 
are one of equal to the average bandwidth and exceed the 
average bandwidth of said communicafions network, 

15. 'ITie communication network as set forth in claim 14 
wherein said decryption keys are sent to the subscriber 
device each time the selected file is played and said decryp- 
tion keys are required only when a predetermined time 
period elapses between verification checks by said sub- 
scriber device. 

16. The communication network as set forth in claim 15 
wherein said encryption controller is capable of compressing 
each segment prior to encryption. 

17. A method for transmitting a selected digital data file 
comprising at least one of a video file and an audio file to a 
subscriber device via a communications network, compris- 
ing the steps of: 

dividing said digital data file into a plurahty of segments, 
wherein said segments are adjustable in size; 
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encrypting each of said plurality of segments with a 
selected one of a plurality of encryption keys; 

storing a plurality of decryption keys corresponding to 
said plurality of encryption keys; and 

transmitting each said encrypted segment via said com- 
munications network to said subscriber device at an 
average data rate at least equal to an average bandwidth 
of said communications network. 

18. 'The method as set forth in claim 1 7 further comprising 
the step of transmitting said decryption keys to said sub- 
scriber device upon receipt of a verification signal. 

19. The method as set forth in claim 18 further comprising 
the step of adjusting the size of each one of said plurality of 
segments according to parameters set by said transmission 



controller wherein the parameters are one of, equal to the 
average bandwidth and exceed the average bandwidth of 
said communications network. 

20. The method as set forth in claim 19 further comprising 
the step of, responsive to a verification signal, transmitting 
a copy of said stored decryption keys to said subscriber 
device for decrypting each said encrypted segment. 

21. The method as set forth in claim 20 the steps of: 

said subscriber device verifying a predetermined time 
period of use of said selected digital data file; and 

transmitting said decryption keys to said subscriber 
device only if said time period is exceeded. 

* * * * * 
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